The method is called when a new session must be authenticated.
The domain is the URI list describing the protection space. URIs
currently have the form "http://host:port/path", i.e. the port is
always written out. The realms parameter is a list
of realm identifiers. In auth the name of the authentication
method is passed (lowercase characters). The method must
search (or query for) a key, and return it. The key must refer to
one of the passed realms. The domain of the key must be exactly
the same as the passed domain. If the method raises Not_found,
authentication will fail.